[Bug 47027] Wine built with GCC 8.x+ and -O2 causes apps and games using madCodeHook 3.x/4.x to crash (hook engine can't cope with GOT/PIC code emitted within 15-byte range at Win32 API entries) (EA Origin, HeidiSQL 10.x)

wine-bugs at winehq.org
Fri May 3 02:39:39 CDT 2019


https://bugs.winehq.org/show_bug.cgi?id=47027

Anastasius Focht <focht at gmx.net> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
            Summary|EA Origin client crashes on |Wine built with GCC 8.x+
                   |startup (Origin IGO using   |and -O2 causes apps and
                   |madCodeHook 3.x engine      |games using madCodeHook
                   |can't cope with GOT/PIC     |3.x/4.x to crash (hook
                   |register load code within   |engine can't cope with GOT/
                   |15-byte range at API entry) |PIC code emitted within
                   |                            |15-byte range at Win32 API
                   |                            |entries)(EA Origin,
                   |                            |HeidiSQL 10.x)

--- Comment #15 from Anastasius Focht <focht at gmx.net> ---
Hello folks,

Refining the summary again to capture not only (EA) games but many other commercial
and FOSS apps that make use of the madCodeHook 3.x and 4.x engine.

Additionally, the description is more suitable for news sites that make their
own summaries out of Wine 4.8 release bug lists.

Found another victim here:

https://forum.winehq.org/viewtopic.php?f=8&t=32337 ("Wine 4.6 + HeidiSQL 10.1")

HeidiSQL Github project/bug tracker:

https://github.com/HeidiSQL/HeidiSQL/issues/630

Download:

https://www.heidisql.com/builds/heidisql32.r5547.exe

Internet Archive snapshot for reproducing:

https://web.archive.org/web/20190503072629/https://www.heidisql.com/builds/heidisql32.r5547.exe

There are multiple offenders with GOT/PIC loads that madCodeHook chokes on.
One example:

user32.DrawEdge

--- snip ---
7E6C1250  E9 D54AC482      JMP 01305D2A      ; to trampoline
7E6C1255  05 ABAD0600      ADD EAX,6ADAB     ; continuation
7E6C125A  8D4C24 04        LEA ECX,DWORD PTR SS:[ESP+4]
7E6C125E  83E4 F0          AND ESP,FFFFFFF0
7E6C1261  FF71 FC          PUSH DWORD PTR DS:[ECX-4]
...
7E6C12D0  8B45 B0          MOV EAX,DWORD PTR SS:[EBP-50]
7E6C12D3  83E3 0F          AND EBX,0F
7E6C12D6  0FB68C18 6879FCF>MOVZX ECX,BYTE PTR DS:[EAX+EBX+FFFC7968] ; *boom*
7E6C12DE  0FB68418 7879FCF>MOVZX EAX,BYTE PTR DS:[EAX+EBX+FFFC7978]
...
--- snip ---

Trampoline:

--- snip ---
01305D2A  90               NOP
01305D2B  FF25 0A5D3001    JMP DWORD PTR DS:[1305D0A] ; heidisql.00A060E8
...
01346F4D  FF25 536F3401    JMP DWORD PTR DS:[1346F53] ; 01346F4D
...
01305D31  FF25 0E5D3001    JMP DWORD PTR DS:[1305D0E] ; 02750000
...
02750000  E8 1C2AEF7B      CALL user32.__x86.get_pc_thunk.ax
02750005  FF25 0B007502    JMP DWORD PTR DS:[275000B] ; cont user32.7E6C1255
...
--- snip ---

App hook:

--- snip ---
...
00A060E8  55               PUSH EBP
00A060E9  8BEC             MOV EBP,ESP
00A060EB  51               PUSH ECX
00A060EC  53               PUSH EBX
00A060ED  56               PUSH ESI
00A060EE  57               PUSH EDI
00A060EF  8B5D 10          MOV EBX,DWORD PTR SS:[EBP+10]
00A060F2  8B75 0C          MOV ESI,DWORD PTR SS:[EBP+C]
00A060F5  E8 7E30C6FF      CALL heidisql.00669178
...
00A06176  8B45 08          MOV EAX,DWORD PTR SS:[EBP+8]
00A06179  50               PUSH EAX
00A0617A  E8 2D28A1FF      CALL heidisql.004189AC ; OFFSET gdi32.RestoreDC
00A0617F  C3               RETN
...
00A06192  8B45 08          MOV EAX,DWORD PTR SS:[EBP+8]
00A06195  50               PUSH EAX
00A06196  FF15 5814AE00    CALL DWORD PTR DS:[AE1458] ; 01346F4D org prologue
00A0619C  5F               POP EDI
00A0619D  5E               POP ESI
00A0619E  5B               POP EBX
00A0619F  59               POP ECX
00A061A0  5D               POP EBP
00A061A1  C2 1000          RETN 10
--- snip ---

$ sha1sum heidisql32.r5547.exe 
c4b0b0e803c38fa58b6bf7d99e40cf57c9e1ede4  heidisql32.r5547.exe

$ du -sh heidisql32.r5547.exe 
7.9M    heidisql32.r5547.exe

Regards
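The listing above shows the failure mode in one picture: the hook engine copies the 5-byte `CALL __x86.get_pc_thunk.ax` into its trampoline and correctly re-biases the rel32 so the thunk is still reached, but the thunk returns the address of the instruction after the call, which is now 02750005 in the trampoline rather than 7E6C1255 in user32. The following `ADD EAX,6ADAB` therefore produces a bogus GOT base and every later GOT-relative load (the `*boom*` MOVZX) dereferences garbage. The program below is an added example, not code from the bug report, Wine or madCodeHook. It models the prologue as a byte array, performs the relocation a hook engine does, reproduces the wrong base, and then applies the fix-up such an engine would need: after relocating the thunk call, add the displacement between the original and trampoline copies to the ADD immediate so EAX lands on the same GOT base. The addresses are taken from the listing (7E6C1250, 02750000, 6ADAB); the thunk address 7E642A21 is derived from the relocated bytes `E8 1C2AEF7B` at 02750000; the function and constant names are this example's own.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Addresses taken from the user32.DrawEdge listing in the bug comment. */
#define ORIG_VA   0x7E6C1250u   /* hooked API entry (user32.DrawEdge) */
#define TRAMP_VA  0x02750000u   /* where the hook engine copied the prologue */
#define ADD_IMM   0x0006ADABu   /* immediate of "ADD EAX,6ADAB" after the thunk call */
/* __x86.get_pc_thunk.ax: derived from the relocated call "E8 1C2AEF7B" at
   02750000, i.e. 0x02750005 + 0x7BEF2A1C (not stated directly on the page). */
#define THUNK_VA  0x7E642A21u

static uint32_t rd32(const uint8_t *p) {
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

static void wr32(uint8_t *p, uint32_t v) {
    p[0] = (uint8_t)v;         p[1] = (uint8_t)(v >> 8);
    p[2] = (uint8_t)(v >> 16); p[3] = (uint8_t)(v >> 24);
}

/* Build the 10-byte PIC prologue GCC emits: CALL rel32 thunk ; ADD EAX, imm32. */
static void emit_pic_prologue(uint8_t out[10], uint32_t va, uint32_t thunk, uint32_t imm) {
    out[0] = 0xE8;
    wr32(out + 1, thunk - (va + 5));   /* rel32 is relative to the next instruction */
    out[5] = 0x05;                     /* ADD EAX, imm32 */
    wr32(out + 6, imm);
}

/* What a hook engine does when it moves an E8 call into a trampoline: copy the
   instruction and re-bias rel32 so the absolute target is unchanged.
   Returns that absolute target. */
static uint32_t relocate_call(const uint8_t *src, uint32_t src_va,
                              uint8_t *dst, uint32_t dst_va) {
    uint32_t target = src_va + 5 + rd32(src + 1);
    dst[0] = 0xE8;
    wr32(dst + 1, target - (dst_va + 5));
    return target;
}

/* Emulate "CALL __x86.get_pc_thunk.ax ; ADD EAX, imm32" executed at call_va.
   The thunk is "mov eax,[esp] ; ret", so EAX = return address = call_va + 5. */
static uint32_t pic_base_after(uint32_t call_va, uint32_t imm) {
    return call_va + 5 + imm;
}

/* The step the failing engine lacks: once the thunk call lives in the trampoline,
   shift the ADD immediate by (orig - trampoline) so EAX still reaches the original
   GOT base. Only the exact "05 imm32" (ADD EAX) form is recognised here. */
static int fixup_pic_prologue(uint8_t *tramp, uint32_t orig_va, uint32_t tramp_va) {
    if (tramp[0] != 0xE8 || tramp[5] != 0x05)
        return 0;
    wr32(tramp + 6, rd32(tramp + 6) + (orig_va - tramp_va));
    return 1;
}

struct pic_result {
    uint32_t thunk;             /* call target recovered during relocation      */
    uint32_t tramp_rel32;       /* rel32 written into the trampoline copy       */
    uint32_t orig_base;         /* EAX when the prologue runs in place          */
    uint32_t tramp_base_broken; /* EAX when only the call was relocated         */
    uint32_t tramp_base_fixed;  /* EAX after the ADD immediate was corrected    */
};

static struct pic_result run_drawedge_case(void) {
    uint8_t orig[10], tramp[10];
    struct pic_result r;

    emit_pic_prologue(orig, ORIG_VA, THUNK_VA, ADD_IMM);
    r.orig_base = pic_base_after(ORIG_VA, rd32(orig + 6));

    memcpy(tramp, orig, sizeof tramp);
    r.thunk = relocate_call(orig, ORIG_VA, tramp, TRAMP_VA);
    r.tramp_rel32 = rd32(tramp + 1);
    r.tramp_base_broken = pic_base_after(TRAMP_VA, rd32(tramp + 6));

    fixup_pic_prologue(tramp, ORIG_VA, TRAMP_VA);
    r.tramp_base_fixed = pic_base_after(TRAMP_VA, rd32(tramp + 6));
    return r;
}

int main(void) {
    struct pic_result r = run_drawedge_case();
    printf("thunk target        %08X (rel32 in trampoline %08X)\n", r.thunk, r.tramp_rel32);
    printf("GOT base in place   %08X\n", r.orig_base);
    printf("GOT base relocated  %08X  <- what madCodeHook's trampoline yields\n", r.tramp_base_broken);
    printf("GOT base fixed up   %08X\n", r.tramp_base_fixed);
    return 0;
}
```

The in-place value comes out page-aligned (7E72C000), which is what a GOT base should look like, while the relocated-only value (027BADB0) points into the application's trampoline heap; that is the address that gets used in the GOT-relative MOVZX. A real engine would also have to recognise the other thunk flavours GCC emits (`get_pc_thunk.bx` followed by `81 C3 imm32`, or `add` targeting other registers) and the case where the 5-byte patch site itself ends inside the thunk call, which is why the report speaks of GOT/PIC code anywhere within the 15-byte range.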
